<?php

/*
 * This file is part of the Geek-Zoo Projects.
 * 
 * @copyright (c) 2010 Geek-Zoo Projects More info http://www.geek-zoo.com
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License
 * @author quqiang <quqiang@geek-zoo.com>
 *
 */

/**
* 后台用户的登录和验证处理
*/

define('CAN_READ', 1);
define('CAN_EDIT', 2);
define('CAN_DELETE', 4);

// $read = CAN_READ; 1
// $edit = CAN_READ | CAN_EDIT; 3
// $dete = CAN_READ | CAN_EDIT | CAN_DELETE; 7

class admin_abs 
{
    private $permission = 0;

    function __construct($action, $method)
    {
        if (!isset($_SESSION['admin_user'])) {
            redirect('?url=user/login');
        }

        $menu = Config::get('menu');
        $opt = _model('admin_menu')->getOption();
        // 载入新的菜单
        if ($opt && $opt->valid()) {
            $menu = array();
            $kk = '';
            foreach ($opt as $key => $val) {
                if (!$val['parent_id']) {
                    $kk = $val['name'];
                } else {
                    $menu[$kk][$val['name']] = $val['url'];
                }
            }
        }
        
        // history
        $history = $_SESSION['admin_user']['history'];
        $path = $action;
        if ($method != 'index') {
            $path .= "/{$method}";
        }

        foreach ($menu as $val) {
            foreach ($val as $k => $v) {
                if ($v == $path) {
                    $add = array($k=>$v);
                    if (($key = array_search($add, $history)) !== false) {
                        unset($history[$key]);
                    }
                    array_unshift($history, $add);
                    break;
                }
            }
        }

        while (count($history) > 5) {
            array_pop($history);
        }
        reset($history);
        $_SESSION['admin_user']['history'] = $history;
        Smarty3::instance()->assign('history', $history);

        if ($_SESSION['admin_user']['id'] != 1) {
            //id 为1 不做权限判断
            $user_info =  _model(_t('admin'))->read(array('id'=>$_SESSION['admin_user']['id']));
            $permission = explode(',', $user_info['permission']);
            $permission_array = array();
            foreach ($permission as  $value) {
                $val = explode(':', $value);
                $permission_array[$val[0]] = $val[1];
            }

            if (empty($permission_array[$action]) && $action != 'index' ) {
                msg('没有权限');
            }

            $this->permission = $permission_array[$action];

            switch ($method) {
                case 'create':
                    if (!($this->permission & CAN_EDIT)) {
                        msg('无权限');
                    }
                    break;
                case 'update':
                    if (!($this->permission & CAN_EDIT)) {
                        msg('无权限');
                    }
                    break;
                case 'delete':
                    if (!($this->permission & CAN_DELETE)) {
                        msg('无权限');
                    }
                    break;
            }



            // 根据用户权限,重新处理menu
            foreach ($menu as &$value) {
                foreach ($value as $k => $val) {
                    $val = current(explode('/', $val));
                    if (!array_key_exists($val, $permission_array)) {
                        unset($value[$k]);
                    }
                }
            }

            foreach ($menu as $key => $v) {
                if (empty($v)) {
                    unset($menu[$key]);
                }
            }
            //
        }

        if ($action == 'index' && $method == 'index') {
            reset($menu);
            $url = current(current($menu));
            redirect('?url='.$url);
        }

        Smarty3::instance()->assign('menu', $menu);
        Smarty3::instance()->assign('menu_action', $action);
    }

}



?>